Nigerian firm admits misrouting Google traffic through China

ISP firm MainOne said misconfigured a border gateway protocol filter was the culprit after concerns were raised over traffic hijacking

A Nigerian internet service provider (ISP) has taken responsibility for a glitch that caused some Google traffic to be misrouted through Russia and China.

A misconfigured border gateway protocol (BGP) filter, used to route traffic across the internet, inadvertently sent Google traffic through Russia and China, raising concerns of intentional hijacking.

But, the Main One Cable Co, or MainOne, a small firm in Lagos, Nigeria, said it was due to a "technical glitch" during a planned upgrade.

"In the early hours of Tuesday morning, MainOne experienced a technical glitch during a planned network upgrade and access to some Google services was impacted," the company said in a statement. "We promptly corrected the situation at our end and are doing all that is necessary to ensure it doesn't happen again.

"The error was accidental on our part; we are not aware that any Google services were compromised as a result. MainOne is a major internet service provider in West Africa and has direct reachability with over 100 leading networks globally."

Two of those leading global networks were TransTelekom in Russia and China Telecom, the latter being a partner with MainOne. China Telecom is said to have leaked the routing information out to the rest of the world, where TransTelekom picked it up.

Google is said to have lost control of several million IP addresses for more than an hour on Monday, causing problems for its cloud service and a number of other sites such as YouTube and Spotify. But it said it had no reason to believe it was a malicious act.

"We're aware that a portion of internet traffic was affected by incorrect routing of IP addresses, and access to some Google services was impacted," said a Google spokesperson. "The root cause of the issue was external to Google and there was no compromise of Google services."

Adding to suspicions of hijacking, some Cloudflare-owned IP addresses were also sent through China Telecom. But again, the cloud company has said this is due to the Nigerian ISP inadvertently leaked the routing information to China Telecom, who in turn then leaked it out to the rest of the world.

"Route leaks like this are relatively common and typically just the result of a mistaken configuration of a router," said John Graham-Cumming, Cloudflare CTO. "The global routing system, which is based on BGP, is entirely trust-based. As a result, if a major network wrongly claims that they are the rightful destination for certain traffic then it can cause a disruption."

"The impact on us was minimal. Cloudflare's systems automatically noticed the leak and changed our routing to mitigate the effects."

Graham-Cumming added that if there was something nefarious afoot there would have been a lot more direct, and potentially less disruptive and detectable, ways to reroute traffic.